Common Cyber-Risk Misconceptions

Published: 16/11/2018


Did you know that all directors of Australian companies have a fiduciary duty to ensure a robust approach is taken towards cyber resilience? A breach of such obligations can leave directors potentially exposed to personal liability under section 180 of the Corporations Act.

Despite a wealth of information being available on cyber risks, it is still very common for businesses of all sizes to underestimate their own exposure. Don't let your business, or yourself, be caught out. Take a moment to explore some common misconceptions about cyber-risk.

Common Misconception

Comments

"I'm too small to be a target."

While attacks against smaller companies do not make headlines, insurers claim they are frequent and increasingly severe. As of 2018, the Australian Small Business and Family Enterprise Ombudsman (ASBFEO) reported the following statistics:

small business is the target of 43% of all cybercrimes;

as a result of the 2017 Ransomware attacks, 22% of small businesses impacted could not continue operations;

the cost to the Australian economy in relation to cybercrime is >$1b annually.

Furthermore, the Ponemon Institute's 2017 study into the cost of data breaches in Australia (as at June 2017) put the average total cost to affected Australian companies at $2.51m each. It is therefore not surprising that so many small businesses shut down after a breach.

"We don't collect sensitive data, so we have no exposure."

Data breaches are just one of the many cyber risks facing businesses. Some further examples include but are not limited to:

electronic funds transfers are vulnerable to funds transfer fraud;

social engineering scams are successfully hitting all businesses and industries;

first party business interruption losses do not require a business to collect sensitive data to be exposed - merely being unable to access their systems puts certain businesses at risk of financial loss, particularly where technology is increasingly utilised in day-to-day operations.

"We've invested in our networks so that they are secure."

According to ASBFEO as at 05 January 2018, 87% of small businesses believe that antivirus software alone protects their business from cyber attacks.

Investing in security is paramount as this must be your first line of defence. However, claims have shown that despite significant investment in securing networks, no one can ever be 100% secure. Cyber criminals are becoming increasingly sophisticated, relentlessly finding ways in which they can infiltrate networks. Further, some cyber threats do not necessarily involve accessing third party networks, for example social engineering fraud or the actions of a rogue employee or employees.

Refusing to purchase cyber insurance because you have IT security controls is akin to refusing to buy property insurance because you have physical security controls - the two should not be mutually exclusive.

"Our third party cloud provider is responsible for our data/networks."

Incorrect in most circumstances. If the cloud service provider suffers an attack and goes down, meaning you cannot operate, it is your business that will potentially suffer first party business interruption and the additional costs incurred in attempting to continue trading.

It can prove extremely difficult, potentially impossible, to recoup these losses from your IT provider.

"If my funds are stolen, my bank will reimburse me."

If the bank was not negligent or at fault, the bank will most likely not reimburse you.

You will most likely be held responsible if there was negligence on your part which allowed unauthorised access, or if you or an employee were deceived into voluntarily or erroneously wiring funds to a fraudster, i.e. a social engineering scam.

We note that the above misconceptions are generic and may not be accurate in relation to your specific circumstance. We further note that there may be other misconceptions relating to cybercrime that have not been included above.

The information provided in this article is of a general nature only and has been prepared without taking into account your individual objectives, financial situation or needs. If you require advice that is tailored to your specific business or individual circumstances, please contact Coverforce directly.

Indicative Entry Level Pricing

Turnover | Limit of Liability | Minimum Price (including GST & Stamp Duty)
Less than $5m | $1,000,000 | $800
Up to $20m | $1,000,000 | $1,500

NOTE: Pricing is a minimum indication only - the premium is impacted by revenues, industry, business activities, claims and the company's cyber resilience (network security & procedures).

Contact Coverforce

Don't get caught out. Learning about cyber security and understanding common misconceptions can help you manage risks and address any vulnerabilities before it's too late.

To find out more about getting reliable insurance cover for your business, contact Coverforce and speak to one of our experienced insurance brokers today.

To get the right insurance cover, personalised risk advice and fantastic rates, contact your local Coverforce Insurance Broker today.